Recommendations for information security awareness training for college students

Abstract

Purpose – The purpose of this paper is to survey the status of information security awareness among college students in order to develop effective information security awareness training (ISAT). Design/methodology/approach – Based on a review of the literature and theoretical standpoints as well as the National Institute of Standards and Technology Special Publication 800-50 report, the author developed a questionnaire to investigate the attitudes toward information security awareness of undergraduate and graduate students in a business college at a mid-sized university in New England. Based on that survey and the previous literature, suggestions for more effective ISAT are provided. Findings – College students understand the importance and the need for ISAT but many of them do not participate in it. However, security topics that are not commonly covered by any installed (or built-in) programs or web sites have a significant relationship with information security awareness. It seems that students learned security concepts piecemeal from variety of sources. Practical implications – Universities can assess their ISAT for students based on the findings of this study. Originality/value – If any universities want to improve their current ISAT, or establish it, the findings of this study offer some guidelines.